Project Name: Simple Log Analyzer
Group: 15
Contributors
| Name | Roll Number |
|---|---|
| Abhas Gupta | 2023017 |
| Akshat Singh | 2023064 |
| Anushk Kumar | 2023115 |
| Arhan Jain | 2023118 |
| Ayush Kitawat | 2023160 |
DEMO VIDEO
https://drive.google.com/drive/folders/1VhOf-bO-C1Gz4z2FfUHMUEViqGLyWhrd?usp=sharing
Create a lightweight, efficient, and educational log analysis tool that demonstrates:
- Traditional text-based log parsing and analysis
- Real-time network packet capture and inspection
- Anomaly detection through statistical pattern recognition
- Clean C programming practices with minimal external dependencies
- Log Analysis: Parse and categorize log entries from standard text-based log files
- Security Monitoring: Identify suspicious events based on severity levels and keyword patterns
- Network Monitoring: Capture live network traffic using libpcap
- Threat Detection: Flag potential DDoS attacks by counting packets per detection window and comparing the count against a configurable threshold
The system supports three distinct operational modes:
- File Analysis Mode (default)
  - Input: Text log files
  - Processing: Parse, categorize, flag suspicious entries
  - Output: Statistical summary and suspicious event table
- Live Capture Mode
  - Input: Network interface (via libpcap)
  - Processing: Capture packets, extract IPv4 info, detect DDoS patterns
  - Output: Capture log file + DDoS alerts
- Demo Mode
  - Input: Synthetic traffic definitions
  - Processing: Simulate packet flows, trigger DDoS detector
  - Output: Demo log file + alert demonstrations
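The file analysis mode parses each line, assigns a severity from keyword patterns, and flags suspicious entries. The program below is an added example written for this README; it is not the project's `log_analyzer.c`, and the `Severity`/`LogEntry`/`LogStats` types, the keyword lists and the `SAMPLE_LOG` lines are all assumptions constructed for illustration. It shows the two-step rule the feature list describes: severity comes from one keyword table, and an entry is reported either because its severity is WARNING or above or because it matches a second, severity-independent suspicious-pattern table (the `sudo` line reading `/etc/shadow` is INFO-level but still flagged). Malformed lines are counted rather than silently dropped.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample lines in syslog/auth.log format (not taken from the project's sample-logs/). */
static const char *SAMPLE_LOG[] = {
    "Mar 10 13:55:01 host sshd[1234]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "Mar 10 13:55:07 host sshd[1240]: Failed password for root from 203.0.113.9 port 40022 ssh2",
    "Mar 10 13:55:09 host sshd[1240]: Failed password for invalid user admin from 203.0.113.9 port 40023 ssh2",
    "Mar 10 13:56:00 host sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Mar 10 13:56:30 host CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "Mar 10 13:57:12 host kernel: I/O error on device sda, logical block 4096",
    "this line is not in syslog format",
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

typedef enum { SEV_INFO = 0, SEV_WARNING, SEV_ERROR, SEV_COUNT } Severity;

typedef struct {
    char host[64];
    char process[64];      /* "sshd[1240]" is stored as "sshd" */
    const char *message;   /* points into the original line */
    Severity severity;
    int suspicious;
} LogEntry;

typedef struct {
    int total, malformed, suspicious;
    int by_severity[SEV_COUNT];
} LogStats;

/* Case-insensitive substring search (portable stand-in for the non-standard strcasestr). */
static int ci_contains(const char *hay, const char *needle) {
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] && tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i])) i++;
        if (i == n) return 1;
    }
    return 0;
}

/* Assumed keyword tables: the first table that matches decides the severity. */
static const char *ERROR_WORDS[]   = { "error", "critical", "panic", "segfault", NULL };
static const char *WARNING_WORDS[] = { "failed", "failure", "invalid user", "denied", "refused", NULL };
/* Patterns that flag an entry as suspicious regardless of its severity. */
static const char *SUSPICIOUS_WORDS[] = { "failed password", "invalid user", "/etc/shadow", "USER=root", NULL };

static int matches_any(const char *msg, const char **words) {
    for (; *words; words++) if (ci_contains(msg, *words)) return 1;
    return 0;
}

/* Parse one "Mon DD HH:MM:SS host proc[pid]: message" line. Returns 0 on malformed input. */
int parse_log_line(const char *line, LogEntry *e) {
    char mon[4], day[3], clock[9];
    int off = 0;
    memset(e, 0, sizeof *e);
    if (sscanf(line, "%3s %2s %8s %63s %63[^:]:%n", mon, day, clock, e->host, e->process, &off) < 5 || off == 0)
        return 0;
    e->process[strcspn(e->process, "[")] = '\0';          /* drop the "[pid]" suffix */
    e->message = line + off + strspn(line + off, " ");   /* skip the space after the colon */
    e->severity = matches_any(e->message, ERROR_WORDS)   ? SEV_ERROR
                : matches_any(e->message, WARNING_WORDS) ? SEV_WARNING : SEV_INFO;
    e->suspicious = e->severity >= SEV_WARNING || matches_any(e->message, SUSPICIOUS_WORDS);
    return 1;
}

/* Run the parser over an array of lines, print the suspicious ones, and return the summary. */
LogStats analyze_lines(const char **lines, size_t n) {
    LogStats s = {0};
    for (size_t i = 0; i < n; i++) {
        LogEntry e;
        s.total++;
        if (!parse_log_line(lines[i], &e)) { s.malformed++; continue; }
        s.by_severity[e.severity]++;
        if (e.suspicious) {
            s.suspicious++;
            printf("[SUSPICIOUS] %-8s %s\n", e.process, e.message);
        }
    }
    return s;
}

int main(void) {
    LogStats s = analyze_lines(SAMPLE_LOG, SAMPLE_LOG_LEN);
    printf("total=%d malformed=%d info=%d warning=%d error=%d suspicious=%d\n",
           s.total, s.malformed, s.by_severity[SEV_INFO], s.by_severity[SEV_WARNING],
           s.by_severity[SEV_ERROR], s.suspicious);
    return 0;
}
```

On the seven constructed lines this reports four suspicious entries (two failed logins, the `sudo` read of `/etc/shadow`, and the kernel I/O error) and one malformed line. Keyword matching of this kind is cheap but easy to evade, so the tables are the part a practitioner tunes per log source.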
Build targets:
- `loganalyzer` (static library)
  - Sources: `log_analyzer.c`, `ddos_detector.c`, `packet_capture.c`
  - Headers: `include/` directory
  - Flags: `-Wall -Wextra -pedantic`
- `loganalyser` (executable)
  - Sources: `main.c`, `demo.c`
  - Links: `loganalyzer` library
- `test_log_analyzer` (test executable)
  - Integrated with CTest
```cmake
find_package(PCAP QUIET)
if (NOT PCAP_FOUND)
  find_library(PCAP_LIBRARY pcap)
  if (PCAP_LIBRARY)
    set(PCAP_LIBRARIES ${PCAP_LIBRARY})
    set(PCAP_FOUND TRUE)
  endif()
endif()
if (PCAP_FOUND)
  target_link_libraries(loganalyzer PUBLIC ${PCAP_LIBRARIES})
else()
  target_compile_definitions(loganalyzer PUBLIC LOG_ANALYZER_NO_PCAP=1)
  message(WARNING "libpcap not found; live capture mode disabled.")
endif()
```

Note that the `find_library` fallback only proves that a `pcap` library file exists; it does not look for the `pcap.h` header, so a machine with the runtime library but without the development package passes detection and then fails at compile time when `pcap.h` is included.

Graceful Degradation
- Missing libpcap → `LOG_ANALYZER_NO_PCAP=1` defined at compile time
- Capture mode stubs return an error immediately
- File analysis and demo modes remain fully functional
| Platform | Compiler | libpcap Availability | Notes |
|---|---|---|---|
| macOS | Clang/GCC | Built-in | No installation required |
| Linux | GCC/Clang | Package manager | sudo apt install libpcap-dev |
| BSD | GCC/Clang | Built-in or ports | Usually pre-installed |
| Windows | MSVC/MinGW | WinPcap/Npcap required | Separate installation needed |
```sh
# Standard build
cmake -S project-v2 -B project-v2/build
cmake --build project-v2/build

# With specific compiler
cmake -S project-v2 -B project-v2/build -DCMAKE_C_COMPILER=clang
cmake --build project-v2/build

# Run tests
ctest --test-dir project-v2/build --output-on-failure
```

Command-line usage (the first group of options belongs to the default file analysis mode):

```text
--input <path>       Log file to analyze (default: sample-logs/auth.log)
--list-samples       List available sample logs and exit
--help, -h           Show this help message
capture [options]
  --iface <name>     Network interface (default: en0)
  --limit <n>        Max packets to capture (default: 500)
  --duration <sec>   Max capture duration in seconds (default: 15)
  --log <path>       Output log file (default: sample-logs/live_capture.log)
  --threshold <n>    DDoS alert threshold (default: 120 packets)
  --window <sec>     DDoS detection window (default: 5 seconds)
run demo test1       Execute built-in demo scenario (test1)
```

The `en0` default is the macOS interface name; on Linux pass the name reported by `ip link` (for example `eth0`). Opening an interface with libpcap needs the usual capture privileges (root, or `CAP_NET_RAW` on Linux), so `capture` fails as an unprivileged user.
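The `--threshold` and `--window` options above define the detection rule: an alert when one source sends at least `threshold` packets inside any `window` seconds. The program below is an added example written for this README, not the project's `ddos_detector.c`; the `DdosDetector`/`Source` types, the per-source ring-buffer design, the alert suppression rule and the traffic mix in `run_demo_traffic` are assumptions made for illustration. Instead of resetting a counter every `window` seconds (which misses a burst that straddles the boundary), it keeps the last `threshold` arrival times per source and compares the newest timestamp with the one `threshold - 1` arrivals earlier, which is an exact sliding window in O(1) per packet. A source alerts at most once per window so a sustained flood does not produce one alert per packet.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SOURCES 64   /* assumed table size for this example */

/* Per-source ring buffer holding the arrival times of the last `threshold` packets. */
typedef struct {
    char ip[16];
    double *ring;
    int head, seen;
    double last_alert;   /* -1.0 until the first alert for this source */
} Source;

typedef struct {
    int threshold;       /* packets, as in --threshold */
    double window;       /* seconds, as in --window */
    Source sources[MAX_SOURCES];
    int nsources;
    int alerts;
} DdosDetector;

void detector_init(DdosDetector *d, int threshold, double window) {
    memset(d, 0, sizeof *d);
    d->threshold = threshold < 2 ? 2 : threshold;   /* a 1-packet threshold would alert on every packet */
    d->window = window;
}

void detector_free(DdosDetector *d) {
    for (int i = 0; i < d->nsources; i++) free(d->sources[i].ring);
    d->nsources = 0;
}

static Source *find_source(DdosDetector *d, const char *ip) {
    for (int i = 0; i < d->nsources; i++)
        if (strcmp(d->sources[i].ip, ip) == 0) return &d->sources[i];
    if (d->nsources == MAX_SOURCES) return NULL;    /* table full: the caller skips the packet */
    Source *s = &d->sources[d->nsources++];
    snprintf(s->ip, sizeof s->ip, "%s", ip);
    s->ring = calloc((size_t)d->threshold, sizeof *s->ring);
    s->last_alert = -1.0;
    return s;
}

/* Record one packet from `src` seen at time `t` (seconds). Returns 1 when this packet is the
   `threshold`-th from `src` within `window` seconds and no alert for `src` is still active. */
int detector_observe(DdosDetector *d, const char *src, double t) {
    Source *s = find_source(d, src);
    if (!s || !s->ring) return 0;
    int alert = 0;
    int n = d->threshold;
    /* The packet (n-1) arrivals ago sits at (head - (n-1)) mod n, which equals (head + 1) mod n. */
    if (s->seen >= n - 1 && t - s->ring[(s->head + 1) % n] <= d->window) {
        if (s->last_alert < 0 || t - s->last_alert >= d->window) {
            s->last_alert = t;
            d->alerts++;
            alert = 1;
            printf("[DDoS ALERT] %s: %d packets within %.1fs (t=%.2f)\n", s->ip, n, d->window, t);
        }
    }
    s->ring[s->head] = t;
    s->head = (s->head + 1) % n;
    if (s->seen < n) s->seen++;
    return alert;
}

/* Replay a constructed (not captured) traffic mix and return the number of alerts raised.
   Per-source state makes the interleaving between sources irrelevant, so each source is fed in turn:
   - 10.0.0.5      one packet per second for 30 s (benign)
   - 192.0.2.44    130 packets spread evenly over 10 s (13 pkt/s: never 120 inside 5 s)
   - 198.51.100.7  150 packets in 3 s starting at t=12 (flood: exactly one alert expected) */
int run_demo_traffic(DdosDetector *d) {
    for (int i = 0; i < 30; i++) detector_observe(d, "10.0.0.5", (double)i);
    for (int i = 0; i < 130; i++) detector_observe(d, "192.0.2.44", i * (10.0 / 130));
    for (int i = 0; i < 150; i++) detector_observe(d, "198.51.100.7", 12.0 + i * 0.02);
    return d->alerts;
}

int main(void) {
    DdosDetector d;
    detector_init(&d, 120, 5.0);   /* the CLI defaults: --threshold 120 --window 5 */
    printf("alerts raised: %d\n", run_demo_traffic(&d));
    detector_free(&d);
    return 0;
}
```

The memory cost is `threshold` timestamps per tracked source, so the source table must be bounded (here by `MAX_SOURCES`) or evicted; an unbounded table keyed on source address is itself a resource-exhaustion target under a spoofed-source flood, and spoofed sources also explain why a per-source packet count is only a first-pass heuristic rather than a complete DDoS detector.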